LangGraph: vulnerability chain led to RCE — update self‑hosted

Colleagues — an important security alert: a chain of vulnerabilities in LangGraph enables remote code execution.
- Check Point and Yarden Porat found three flaws: SQLite SQLi (CVE‑2025‑67644), unsafe msgpack deserialization (CVE‑2026‑28277) and RediSearch injection (CVE‑2026‑27022). Patches are available.
- Attack flow: SQLi injects a fake checkpoint with a malicious BLOB; deserialization via get_state_history() triggers the payload.
- Recommendations: apply patches, enable authentication, segment networks, remove hardcoded secrets and restrict agent privileges.
Why it matters: common vulnerabilities in agent frameworks can expose secrets and allow RCE.
What will you do with your self‑hosted agents?
#cybersecurity #AI #LangChain #infosec


Latest comments
No comments yet.